survey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly requires fetching and interpreting open/public web content — e.g., SKILL.md Step 2/Step 4 and references/evidence-recovery-ladder.md and references/keyword-sweep-and-relevance-rescue.md instruct "direct primary-page retrieval", "browser-rendered retrieval", indexed snippets, and GitHub/gh API retrieval — so the agent will consume untrusted third-party pages and repo content that can materially influence decisions and tool actions.